• Creator
  • #2146245

    NTOSKRNL – Sygate FW


    by bladeofudun ·

    I am using Sygate Personal Firewall and I have been getting a large number of alerts about ntoskrnl. I have just updated to XP Service Pack 3. Should I be concerned?

All Answers

  • Author
    • #2461838


      by bladeofudun ·

      In reply to NTOSKRNL – Sygate FW


    • #2459840

      I think you are OK

      by rob miners ·

      In reply to NTOSKRNL – Sygate FW

      After SP3 Virus test result AVG

      Partition table (MBR) C: = Changed
      Boot sector of disk C: = Changed
      C:\windows\system32\kernel32.dll C: = Changed
      C:\windows\system32\wsock32.dll C: = Changed
      C:\windows\system32\user32.dll C: = Changed
      C:\windows\system32\shell32.dll C: = Changed
      C:\windows\system32\ntoskrnl.exe C: = Changed

      • #2564120


        by bladeofudun ·

        In reply to I think you are OK

        So should I unblock it to make sure it does whatever it needs to do?

        • #2564684


          by rob miners ·

          In reply to Unblock?

          From what I have been seeing on other forums, the quick fix is to remove Sygate and reinstall, as it is a known problem with Sygate. Some of your settings may have been upset when you installed SP3. It shouldn’t need access to the internet, so keep blocking it.
          In Options there is an option to Hide Notification Messages.

    • #2459832

      This is a description of NTOSKRNL.EXE

      by oh smeg ·

      In reply to NTOSKRNL – Sygate FW

      Windows errors related to ntoskrnl.exe?
      ntoskrnl.exe is a critical process in the boot-up cycle of your computer, although it should never appear in Win Tasks under normal circumstances.

      Note: ntoskrnl.exe can be altered by the w32.bolzano and variants. If this process appears in Win Tasks, please update your virus definitions immediately.

      So unless you have a listing in Win Tasks or Running Processes there isn’t a problem, but a scan with an updated AV product will not hurt.


      • #2564121


        by bladeofudun ·

        In reply to This is a description of NTOSKRNL.EXE

        Do you realize how many times I’ve come across that description… word for word or close enough as to make no never mind?

        • #2563953

          Well it should tell you something

          by oh smeg ·

          In reply to Right…

          This process is only used by Windows to start up, not to run Windows. It is also an Attack Vector to exploit Windows.

          Personally if I was seeing this reported I would be scanning my computer as I would expect it to be compromised if it was occurring while running. If it is only occurring on the startup it’s not an issue but if it is constantly occurring while running there is a potential problem there that needs looking at.

          The reason that the description above is so widespread is because it’s simple and accurate. As I don’t have access to the machine in question, all I can do in relation to the question asked of "Is This a Problem" is reply with a description of what the process does and that it is a Native Windows Process that can be compromised. If the system tests as clean I still wouldn’t be unblocking ports to allow it to do its thing, but if other Windows Processes need that port unblocked I may seriously consider unblocking that port. It depends on what is happening and what is making the calls. But as to "should I be worried", I really don’t know; you have to make that decision, and I’m trying to give you accurate information to help you make whatever decision you eventually come to.


        • #2564281


          by bladeofudun ·

          In reply to Well it should tell you something

          Thanks for the advice, I’m thinking I will either reinstall Sygate or switch that computer over to Comodo as well.
